Sai Sireesh: What is New in Your Risk and Compliance Journey?

Hello and a warm welcome from the Microsoft Worldwide Financial Services Team. In this blog Jeff and I will share our perspectives on the current and future state of governance, risk management and compliance initiatives around the world and the enhanced role of information technology as an enabler of GRC execution blueprints. We look forward to an interactive dialogue with you around this topic that we are quite passionate about and to discussing how technology can support emerging regulations and industry trends.

I am sure that, like many others, most of you are either implementing or reviewing your current state of GRC initiatives to deal with the rapidly evolving risk and compliance needs in the digital decade. Many firms we speak with are busy executing fast-track projects and quick fixes to be able to react to the current environment. Some of you are also reviewing your strategic long-term approach to risk management and compliance capabilities, as events have clearly demonstrated that this will be a differentiating factor. Some of the new regulations we are monitoring globally are:
- Credit process
- Liquidity management
- Stress testing
- Capital adequacy
- E-discovery (electronic discovery)
- E-mail retention
- Tighter supervision
- Corporate governance
- Hedge fund & Special Purpose Vehicle (SPV) compliance

With cost savings being key, all firms we speak with are looking at innovative and cost-effective ways to maximize and extend their existing IT and infrastructure investments for their risk management and compliance implementation challenges. In this first blog post I also want to briefly answer a question we often get asked: ‘What is Microsoft doing in this space?’

Our focus is to make GRC part of everyday activities for employees by maximizing your current investments. We believe we can help enhance the foundation of governance, risk management, and compliance by enabling people with easy, familiar tools. Based on our research and feedback from many of you in the industry, the three core principles of our people-focused approach to help execute long-term GRC vision and blueprints are:

[Image: 3 principles]


Most organizational end-users are familiar with Microsoft tools and capabilities. Our efforts are to help maximize, extend, and enhance risk and compliance best practices into the day-to-day processes and workflows at an employee’s desktop with minimal disruption, using the Microsoft capabilities and rich ecosystem of partners. We believe that our capabilities can play a key role in executing the future state of GRC blueprints by helping bridge the last mile of GRC best practices for the employee interface.



Last week, I spent two days with a CRO and CIO of a large emerging markets company who were both keen to be more proactive about risk management and compliance rather than be in reactive mode. The discussion centered around holistic risk and compliance frameworks with an agile and integrated IT infrastructure foundation when the regulatory compliance landscape is expected to change rapidly. Typically, any large organization would have at least 30-40 different silos of risk management and compliance applications and environments spread across business lines. A common challenge has been the all-up, integrated view of enterprise risk management across the organization. Although risk management and compliance is heavily dependent on people buy-in, we do see an increasing shift to automation in the governance, risk management and compliance world due to the increasing complexity as well as the pace of developments in the regulatory requirements. Some of the key technology elements for GRC we see emerging are:
1. Productivity
2. Self-serve / DIY model
3. Agility
4. Cloud computing
5. Supply chain risk / compliance

More on this in our next blogs. We look forward to your thoughts and comments.


Sai Sireesh is Director of Risk Management & Compliance Strategy & Solutions, Worldwide Financial Services for the Microsoft Corporation. He is responsible for developing and executing Microsoft’s strategy for Risk Management & Compliance industry solutions globally. Deeply passionate about Risk Management, he currently serves pro bono as the Seattle Co-Regional Director at the non-profit PRMIA (Professional Risk Manager’s International Assoc.) and on the Global Standards committee, PRMIA. Mr. Sireesh has over 18 years of global experience across Risk and Compliance Consulting, Financial sector Strategy and blueprints execution. He has worked in North America, Australia, Singapore, Malaysia, Philippines, Thailand, Indonesia and India. Prior to joining Microsoft, he had stints at KPMG, Banque Nationale De Paris, Bank of Philippine Islands and Bank of America. An MBA (Financial engineering) with a computer engineering degree, he was an active back bencher at Wharton, INSEAD, Financial Engineering Center-NUS Singapore & Berkman Centre for Internet Law, Harvard Law School. He is a regular contributor to the Journal of Regulation & Risk and has authored several global research studies and articles.